CDIR: CDIR (Cyber Defense Institute Incident Response) Collector - live collection tool based on oss tool/library
Stars: ✭ 122 (+12.96%)
WELA: WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅(ウェラ)
Stars: ✭ 442 (+309.26%)
PSTrace: Trace ScriptBlock execution for powershell v2
Stars: ✭ 38 (-64.81%)
GetConsoleHistoryAndOutput: An Incident Response tool to extract console command history and screen output buffer
Stars: ✭ 41 (-62.04%)
hayabusa: Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
Stars: ✭ 908 (+740.74%)
uac: UAC is a Live Response collection script for Incident Response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD and Solaris systems artifacts.
Stars: ✭ 260 (+140.74%)
CCXDigger: The CyberCX Digger project is designed to help Australian organisations determine if they have been impacted by certain high profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities; all for free.
Stars: ✭ 45 (-58.33%)
Timesketch: Collaborative forensic timeline analysis
Stars: ✭ 1,795 (+1562.04%)
Turbinia: Automation and Scaling of Digital Forensics Tools
Stars: ✭ 461 (+326.85%)
Etl Parser: Event Trace Log file parser in pure Python
Stars: ✭ 66 (-38.89%)
MEAT: This toolkit aims to help forensicators perform different kinds of acquisitions on iOS devices
Stars: ✭ 101 (-6.48%)
dnslog: Minimalistic DNS logging tool
Stars: ✭ 40 (-62.96%)
DFIRRegex: A repo to centralize some of the regular expressions I've found useful over the course of my DFIR career.
Stars: ✭ 33 (-69.44%)
Swap digger: swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searches for Linux user credentials, web forms credentials, web forms emails, http basic authentication, Wifi SSID and keys, etc.
Stars: ✭ 354 (+227.78%)
ir scripts: incident response scripts
Stars: ✭ 17 (-84.26%)
LevelDBDumper: Dumps all of the Key/Value pairs from a LevelDB database
Stars: ✭ 23 (-78.7%)
Pypowershellxray: Python script to decode common encoded PowerShell scripts
Stars: ✭ 192 (+77.78%)
DFIR-O365RC: PowerShell module for Office 365 and Azure log collection
Stars: ✭ 158 (+46.3%)
MindMaps: #ThreatHunting #DFIR #Malware #Detection Mind Maps
Stars: ✭ 224 (+107.41%)
Ir Rescue: A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response.
Stars: ✭ 311 (+187.96%)
Mac apt: macOS Artifact Parsing Tool
Stars: ✭ 329 (+204.63%)
Autotimeliner: Automagically extract forensic timeline from volatile memory dump
Stars: ✭ 54 (-50%)
Diffy: Diffy is a triage tool used during cloud-centric security incidents, to help digital forensics and incident response (DFIR) teams quickly identify suspicious hosts on which to focus their response.
Stars: ✭ 555 (+413.89%)
Userline: Query and report user logon relations from MS Windows Security Events
Stars: ✭ 221 (+104.63%)
Adtimeline: Timeline of Active Directory changes with replication metadata
Stars: ✭ 252 (+133.33%)
ad-privileged-audit: Provides various Windows Server Active Directory (AD) security-focused reports.
Stars: ✭ 42 (-61.11%)
Packrat: Live system forensic collector
Stars: ✭ 16 (-85.19%)
Memlabs: Educational, CTF-styled labs for individuals interested in Memory Forensics
Stars: ✭ 696 (+544.44%)
EventTranscriptParser: Python-based tool to extract forensic info from EventTranscript.db (Windows Diagnostic Data)
Stars: ✭ 22 (-79.63%)
Linuxforensics: Everything related to Linux Forensics
Stars: ✭ 189 (+75%)
Recuperabit: A tool for forensic file system reconstruction.
Stars: ✭ 280 (+159.26%)
RdpCacheStitcher: RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.
Stars: ✭ 176 (+62.96%)
Hindsight: Web browser forensics for Google Chrome/Chromium
Stars: ✭ 589 (+445.37%)
smram parse: System Management RAM analysis tool
Stars: ✭ 50 (-53.7%)
EventTranscript.db-Research: A repo for centralizing ongoing research on the new Windows 10/11 DFIR artifact, EventTranscript.db.
Stars: ✭ 33 (-69.44%)
INDXRipper: Carve file metadata from NTFS index ($I30) attributes
Stars: ✭ 32 (-70.37%)
MantOS: LIFARS Networking Security GNU/Linux distro
Stars: ✭ 24 (-77.78%)
itunes receipt validator: Validate iTunes Transaction and Unified style receipts with local decoding and remote validation.
Stars: ✭ 38 (-64.81%)
yara-forensics: Set of Yara rules for finding files using magic headers
Stars: ✭ 115 (+6.48%)
TryHackMe-Write-Up: The entire walkthrough of all my resolved TryHackMe rooms
Stars: ✭ 53 (-50.93%)
AppmemDumper: Forensics triage tool relying on Volatility and Foremost
Stars: ✭ 22 (-79.63%)
urlRecon: 📝 urlRecon - Info Gathering or Recon tool for Urls -> Retrieves * Whois information of the domain * DNS Details of the domain * Server Fingerprint * IP geolocation of the server
Stars: ✭ 31 (-71.3%)
MusaicFM: Screensaver inspired by Apple's inbuilt iTunes Screensaver. It can display Artwork by Spotify or last.fm Profile Data.
Stars: ✭ 223 (+106.48%)
valheim-server: A simple, lightweight and secure Valheim Dedicated Server docker image with Kubernetes Helm chart support.
Stars: ✭ 23 (-78.7%)
BURN: [WIP] Anti-Forensics ToolKit to clear post-intrusion sensitive logfiles 🔥 (For Research Only)
Stars: ✭ 13 (-87.96%)
akk-stack: Containerized EverQuest Emulator Server Environment
Stars: ✭ 36 (-66.67%)
Queries: SQLite queries
Stars: ✭ 57 (-47.22%)
BlockHashLoc: Recover files using lists of block hashes, bypassing the File System entirely
Stars: ✭ 45 (-58.33%)
AUCR: Analyst Unknown Cyber Range - a micro web service framework
Stars: ✭ 24 (-77.78%)
Userscripts: A collection of scripts that make spending time on the web easy.
Stars: ✭ 52 (-51.85%)
BlueCloud: Cyber Range including Velociraptor + HELK system with a Windows VM for security testing and R&D. Azure and AWS terraform support.
Stars: ✭ 88 (-18.52%)
zeek-docs: Documentation for Zeek
Stars: ✭ 41 (-62.04%)
iTunes-Scrobbler: An alternative scrobbler for iTunes and Music on macOS 10.12 or higher
Stars: ✭ 19 (-82.41%)
qed: The scalable, auditable and high-performance tamper-evident log project
Stars: ✭ 87 (-19.44%)
flare-wmi: No description or website provided.
Stars: ✭ 399 (+269.44%)
ingest-file: Ingestors extract the contents of mixed unstructured documents into structured (followthemoney) data.
Stars: ✭ 40 (-62.96%)